switched nginx from boringssl to libressl
Some checks failed
CI / Build nginx docker images (push) Failing after 10s
Some checks failed
CI / Build nginx docker images (push) Failing after 10s
This commit is contained in:
@@ -1,9 +1,9 @@
|
||||
|
||||
# load_module modules/ngx_http_xslt_filter_module.so;
|
||||
# load_module modules/ngx_http_image_filter_module.so;
|
||||
# load_module modules/ngx_http_geoip_module.so;
|
||||
# load_module modules/ngx_http_perl_module.so;
|
||||
# load_module modules/ngx_stream_geoip_module.so;
|
||||
load_module modules/ngx_http_xslt_filter_module.so;
|
||||
#load_module modules/ngx_http_image_filter_module.so;
|
||||
load_module modules/ngx_http_geoip_module.so;
|
||||
#load_module modules/ngx_http_perl_module.so;
|
||||
load_module modules/ngx_stream_geoip_module.so;
|
||||
load_module modules/ngx_http_headers_more_filter_module.so;
|
||||
load_module modules/ngx_http_brotli_static_module.so;
|
||||
load_module modules/ngx_http_brotli_filter_module.so;
|
||||
@@ -41,9 +41,9 @@ http {
|
||||
keepalive_disable msie6;
|
||||
|
||||
ssl_dyn_rec_enable on;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_protocols TLSv1.3;
|
||||
ssl_ecdh_curve X25519:P-521:P-384;
|
||||
ssl_ciphers [ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES256-GCM-SHA384|ECDHE-RSA-AES256-GCM-SHA384]:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
|
||||
ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA256:CAMELLIA128-SHA;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_session_timeout 1h;
|
||||
@@ -53,7 +53,7 @@ http {
|
||||
http2 on;
|
||||
http3 on;
|
||||
quic_retry on;
|
||||
#ssl_early_data on;
|
||||
ssl_early_data off;
|
||||
|
||||
gzip_static on;
|
||||
gzip on;
|
||||
@@ -62,30 +62,64 @@ http {
|
||||
gzip_proxied any;
|
||||
gzip_vary on;
|
||||
gzip_disable "msie6";
|
||||
gzip_types
|
||||
text/plain
|
||||
text/css
|
||||
text/x-component
|
||||
text/javascript application/javascript application/x-javascript
|
||||
text/xml application/xml application/rss+xml
|
||||
application/json
|
||||
application/vnd.ms-fontobject
|
||||
font/truetype font/opentype
|
||||
image/svg+xml;
|
||||
|
||||
gzip_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/ld+json
|
||||
application/manifest+json
|
||||
application/rss+xml
|
||||
application/vnd.geo+json
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-ttf
|
||||
application/x-web-app-manifest+json
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/opentype
|
||||
image/bmp
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/cache-manifest
|
||||
text/css
|
||||
text/plain
|
||||
text/vcard
|
||||
text/vnd.rim.location.xloc
|
||||
text/vtt text/x-component
|
||||
text/x-cross-domain-policy
|
||||
application/wasm;
|
||||
|
||||
|
||||
|
||||
brotli_static on;
|
||||
brotli on;
|
||||
brotli_comp_level 6;
|
||||
brotli_types
|
||||
text/plain
|
||||
text/css
|
||||
text/x-component
|
||||
text/javascript application/javascript application/x-javascript
|
||||
text/xml application/xml application/rss+xml
|
||||
application/json
|
||||
application/vnd.ms-fontobject
|
||||
font/truetype font/opentype
|
||||
image/svg+xml;
|
||||
brotli_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/rss+xml
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-opentype
|
||||
application/x-font-truetype
|
||||
application/x-font-ttf
|
||||
application/x-javascript
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/eot
|
||||
font/opentype
|
||||
font/otf
|
||||
font/truetype
|
||||
image/svg+xml
|
||||
image/vnd.microsoft.icon
|
||||
image/x-icon
|
||||
image/x-win-bitmap
|
||||
text/css
|
||||
text/javascript
|
||||
text/plain
|
||||
text/xml
|
||||
application/wasm;
|
||||
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user